Lido DAO, the governing body behind the popular liquid staking protocol Lido Finance, has launched an emergency vote to replace a compromised oracle after a serious security breach. The issue centers around Chorus One, one of Lido’s oracle providers, whose Ethereum address was compromised in an incident that drained its funds. Investigations are ongoing, but preliminary findings suggest a hot wallet private key leak.

Lido reassured users that the breach was limited to Chorus One and did not affect the broader protocol or its core infrastructure. Chorus One has taken immediate steps to mitigate further risk, including deploying a new, secure machine. While no flaws were found in the underlying oracle software, the event has reignited concerns over cybersecurity in decentralized finance (DeFi).

The breach underscores a growing crisis within the crypto sector: increasingly sophisticated attacks targeting the foundation of digital finance. In a Q1 2025 report, blockchain security firm Hacken revealed that more than $2 billion in crypto assets were lost to malicious activity, with the massive $1.4 billion Bybit hack dominating the losses.

April alone saw an additional $357 million stolen, up significantly from the previous month. Hacken CEO Dyma Budorin warned during Token2049 that without stronger code audits and enhanced cybersecurity frameworks, the crypto ecosystem will remain highly vulnerable.

Concerns have grown to such a level that G7 nations are expected to discuss threats posed by state-linked hacking groups—particularly those tied to North Korea—at their next summit. As DeFi adoption accelerates globally, incidents like Lido’s oracle breach serve as urgent reminders that security must be a top priority to protect user assets and maintain trust in onchain systems.